On Saturday, August 01, 2015 03:42:23 PM Richard Guy Briggs wrote:
> Signed-off-by: Richard Guy Briggs <r...@redhat.com>
> ---
>  include/uapi/linux/audit.h |    2 ++
>  kernel/audit.c             |    2 +-
>  kernel/audit_watch.c       |    8 ++++----
>  kernel/auditsc.c           |    6 +++---
>  4 files changed, 10 insertions(+), 8 deletions(-)

Yipee, less magic numbers!

However, one question for you ... are we ever going to see a device or inode 
set to -1 in the userspace facing API?  In other words, should the new 
#defines go in the uapi headers or simply in kernel/audit.h?  Unless it is 
part of the API, let's leave it out of uapi as we have to be very careful 
about that stuff and I'd prefer to keep it minimal.

Also, if we can put the #defines in kernel/audit.h we can use the proper type 
for AUDIT_DEV_UNSET which would make me happy.

> diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
> index d3475e1..971df22 100644
> --- a/include/uapi/linux/audit.h
> +++ b/include/uapi/linux/audit.h
> @@ -440,6 +440,8 @@ struct audit_tty_status {
>  };
> 
>  #define AUDIT_UID_UNSET (unsigned int)-1
> +#define AUDIT_INO_UNSET (unsigned long)-1
> +#define AUDIT_DEV_UNSET (unsigned)-1
> 
>  /* audit_rule_data supports filter rules with both integer and string
>   * fields.  It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 1c13e42..d546003 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -1761,7 +1761,7 @@ void audit_log_name(struct audit_context *context,
> struct audit_names *n, } else
>               audit_log_format(ab, " name=(null)");
> 
> -     if (n->ino != (unsigned long)-1)
> +     if (n->ino != AUDIT_INO_UNSET)
>               audit_log_format(ab, " inode=%lu"
>                                " dev=%02x:%02x mode=%#ho"
>                                " ouid=%u ogid=%u rdev=%02x:%02x",
> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index 8f123d7..c668bfc 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -138,7 +138,7 @@ char *audit_watch_path(struct audit_watch *watch)
> 
>  int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t
> dev) {
> -     return (watch->ino != (unsigned long)-1) &&
> +     return (watch->ino != AUDIT_INO_UNSET) &&
>               (watch->ino == ino) &&
>               (watch->dev == dev);
>  }
> @@ -179,8 +179,8 @@ static struct audit_watch *audit_init_watch(char *path)
>       INIT_LIST_HEAD(&watch->rules);
>       atomic_set(&watch->count, 1);
>       watch->path = path;
> -     watch->dev = (dev_t)-1;
> -     watch->ino = (unsigned long)-1;
> +     watch->dev = AUDIT_DEV_UNSET;
> +     watch->ino = AUDIT_INO_UNSET;
> 
>       return watch;
>  }
> @@ -493,7 +493,7 @@ static int audit_watch_handle_event(struct
> fsnotify_group *group, if (mask & (FS_CREATE|FS_MOVED_TO) && inode)
>               audit_update_watch(parent, dname, inode->i_sb->s_dev, 
> inode->i_ino, 0);
>       else if (mask & (FS_DELETE|FS_MOVED_FROM))
> -             audit_update_watch(parent, dname, (dev_t)-1, (unsigned long)-1, 
> 1);
> +             audit_update_watch(parent, dname, AUDIT_DEV_UNSET, 
> AUDIT_INO_UNSET, 1);
>       else if (mask & (FS_DELETE_SELF|FS_UNMOUNT|FS_MOVE_SELF))
>               audit_remove_parent_watches(parent);
> 
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 9fb9d1c..701ea5c 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -180,7 +180,7 @@ static int audit_match_filetype(struct audit_context
> *ctx, int val) return 0;
> 
>       list_for_each_entry(n, &ctx->names_list, list) {
> -             if ((n->ino != -1) &&
> +             if ((n->ino != AUDIT_INO_UNSET) &&
>                   ((n->mode & S_IFMT) == mode))
>                       return 1;
>       }
> @@ -1683,7 +1683,7 @@ static struct audit_names *audit_alloc_name(struct
> audit_context *context, aname->should_free = true;
>       }
> 
> -     aname->ino = (unsigned long)-1;
> +     aname->ino = AUDIT_INO_UNSET;
>       aname->type = type;
>       list_add_tail(&aname->list, &context->names_list);
> 
> @@ -1925,7 +1925,7 @@ void __audit_inode_child(const struct inode *parent,
>       if (inode)
>               audit_copy_inode(found_child, dentry, inode);
>       else
> -             found_child->ino = (unsigned long)-1;
> +             found_child->ino = AUDIT_INO_UNSET;
>  }
>  EXPORT_SYMBOL_GPL(__audit_inode_child);

-- 
paul moore
security @ redhat

--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit

Reply via email to